CVE-2016-9646
N/A
N/A
Summary
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ikiwiki | ikiwiki | before 3.20161229 | affected |
Weaknesses
- commit metadata forgery
ADP Enrichment
CVE Program Container
Additional References
- https://www.debian.org/security/2017/dsa-3760
- https://security-tracker.debian.org/tracker/CVE-2016-9646
- https://ikiwiki.info/security/#cve-2016-9646
- https://marc.info/?l=oss-security&m=148304341511854&w=2
References
- https://www.debian.org/security/2017/dsa-3760
- https://security-tracker.debian.org/tracker/CVE-2016-9646
- https://ikiwiki.info/security/#cve-2016-9646
- https://marc.info/?l=oss-security&m=148304341511854&w=2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.